DETAILED ACTION

1. This office action is in response to Applicant's amendment filed on April 6, 2006.
Claims 1, 9-13, 17 and 20 have been amended. New claim 22 has been added. Claims 
1-22 are pending. 

Claim Rejections - 35 USC § 101 

2. In view of the amendment filed April 6, 2006, the Examiner withdraws the 
rejection of claim 10 under 35 U.S.C. 101. 

Response to Arguments 

3. Applicant's arguments filed on April 6, 2006 have been considered but are moot 
in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC §112 

4. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

5. Claims 1-22 are rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the written description requirement. The claim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. Claims 1, 9-13, 17, 20 and 22 recite, 
"determining at the second system whether the client has a valid session credential
granted by the first system, so as to authenticate at the second system". The applicant
has disclosed "determining at the first system if the client has a valid session credential
granted by the second system". The applicant in the original application at the time of
the filing has not described "determining at the second system whether the client has a
valid session credential granted by the first system".

6. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

7. Claim 1 is rejected under 35 U.S.C. 112, second paragraph, as being incomplete 
for omitting essential elements, such omission amounting to a gap between the 
elements. See MPEP § 2172.01. The claim recites the step of "the first system
presenting at least some of the information from the session token to the second 
system" followed by "the first system determining whether the client has a valid session 
credential granted by the second system". There appears to be a missing step, because 
it is unclear how or what is communicated from the second system to the first system 
that would enable the first system to determine whether the client has a valid session 
credential. 

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claims 1-22 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Howard et al. (hereinafter Howard) U.S. Patent 6,584,505 in view of Wood et al.
(hereinafter Wood) United States Patent Number 6,668,322.

As per claims 1, 9-11 and 22:

Howard teaches a method for validating credentials comprising:

determining, at a first system that grants session credential based on successful
authentication at the first system or successful authentication at a second system, that a
client does not have a valid session credential by the first system; (col. 6, lines 46-50;
col. 8, lines 41-43)

retrieving, at the first system, information from a session token held by the client, 
the information corresponding to a possible session credential for the second system 
that grants session credentials based on successful authentication at the second 
system; (col. 6, lines 51-52) 

the first system presenting at least some of the information from the session 
token to the second system; (col. 6, lines 51-52; col. 8, lines 54-57) and 

the first system determining whether the client has a valid session credential with 
the second system; and (col. 8, lines 2-7; col. 8, lines 41-43; col. 8, line 66-col. 9, line 6) 

determining at the second system whether the client has a valid session 
credential granted by the first system, so as to authenticate at the second system, (col. 
9, lines 16-23) 
Howard does not explicitly disclose a session token. Wood in analogous art,
however, discloses a session token. (col. 3, lines 2-12) It would have been obvious to a
person having ordinary skill in the art at the time the invention was made to modify the 
method disclosed by Howard with Wood in order to provide a system that allows 
inspection of credentials by a wide variety of entities or application to an authenticated 
trust level while preventing alteration except by a trusted authentication service. 
(Abstract, Wood) 
As per claims 2 and 14: 

The combination of Howard and Wood teaches all the subject matter as 
discussed above. In addition, Howard teaches a method comprising granting a session 
credential to the client by the first system, after determining that the client has a valid 
session credential granted by the second system, (col. 8, line 66-col. 9, line 6) 
As per claim 3:

The combination of Howard and Wood teaches all the subject matter as 
discussed above. In addition, Wood teaches a method comprising sending a session 
token to the client, the token corresponding to a session credential granted by the first 
system, (col. 3, lines 5-13) 
As per claim 4: 

The combination of Howard and Wood teaches all the subject matter as 
discussed above. In addition, Howard teaches a method comprising directing the client 
to the second system to establish a session credential based on successful 
authentication at the second system, after determining that the client does not have a 
valid session credential granted by the second system, (col. 6, lines 51-52; col. 8, lines
54-57) 

As per claim 5: 

The combination of Howard and Wood teaches all the subject matter as 
discussed above. In addition, Howard teaches a method comprising directing the client 
to the first system to establish a session credential based on successful authentication 
at the second system, after determining that the client does not have a valid session 
credential granted by the second system, (col. 6, lines 51-52; col. 8, lines 54-57) 
As per claims 6 and 15: 

The combination of Howard and Wood teaches all the subject matter as 
discussed above. In addition, Howard teaches a method comprising maintaining the 
client session credential granted by the second system, (col. 9, lines 6-14) 
As per claim 7: 

The combination of Howard and Wood teaches all the subject matter as 
discussed above. In addition, Howard teaches a method wherein determining whether 
the client has a valid credential with the second system is at least partially from 
presenting at least some of the information from the session token, (col. 6, lines 51-52) 
As per claim 8: 

The combination of Howard and Wood teaches all the subject matter as 
discussed above. In addition, Howard teaches a method wherein retrieving information 
from the session token held by the client comprises: sending a query to the client from 
the first system, the query including identification as originating from a domain name
corresponding to the second system; and receiving a response to the query, (col. 8,
lines 8-11)

As per claim 12: 

Howard teaches a programmed computer for validating credentials, comprising: 

a memory having at least one region for storing computer executable program 
code; (Figure 1) and 

a processor for executing the program code stored in the memory, (Figure 1) 
wherein the program code comprises: 

code to determine, at a first system that grants session credentials based on 
successful authentication at the first system or successful authentication at a second 
system, that a client does not have a valid session credential granted by the first 
system; (col. 6, lines 46-50; col. 8, lines 41-43) 

code to retrieve, at the first system, information from a session token held by the 
client, the information corresponding to a possible session credential for a second 
system that grants session credentials based on successful authentication at the 
second system; (col. 6, lines 51-52) 

code to present at least some of the information from the session token to the 
second system; (col. 6, lines 51-52; col. 8, lines 54-57) and 

code to determine whether the client has a valid session credential with the 
second system, (col. 8, lines 2-7; col. 8, lines 41-43; col. 8, line 66-col. 9, line 6) 
code to determine at the second system whether the client has a valid session
credential granted by the first system, so as to authenticate at the second system, (col. 
9, lines 16-23) 

Howard does not explicitly disclose a session token. Wood in analogous art, 
however, discloses a session token. (col. 3, lines 2-12) It would have been obvious to a
person having ordinary skill in the art at the time the invention was made to modify the 
method disclosed by Howard with Wood in order to provide a system that allows 
inspection of credentials by a wide variety of entities or application to an authenticated 
trust level while preventing alteration except by a trusted authentication service. 
(Abstract, Wood) 
As per claims 13, 17 and 20: 

Howard teaches a method for establishing session credentials comprising: 
determining that a client does not have a valid session credential for a first 
system based on successful authentication at the first system or successful 
authentication at a second system; (col. 6, lines 46-50; col. 8, lines 41-43) 

determining that a client does not have a valid session credential granted by the 
second system based on successful authentication at the second system;
(col. 6, line 54-col. 7, line 15) 

sending, from the first system to the client, a log in page; (col. 8, lines 2-11)
receiving, at the first system from the client, a log in page; (col. 8, lines 2-11)
sending, from the first system to the second system, the log in information; (col. 
7, lines 54-col. 8, line 11) and 
receiving, at the first system from the second system, information corresponding
to a session credential for the second system, the session credential granted by the 
second system based at least in part on the log in information and successful 
authentication at the second system, (col. 8, lines 2-7; col. 8, lines 41-43; col. 8, line 66- 
col. 9, line 6) 

Howard does not explicitly disclose a session token. Wood in analogous art, 
however, discloses a session token. (col. 3, lines 2-12) It would have been obvious to a
person having ordinary skill in the art at the time the invention was made to modify the 
method disclosed by Howard with Wood in order to provide a system that allows 
inspection of credentials by a wide variety of entities or application to an authenticated 
trust level while preventing alteration except by a trusted authentication service. 
(Abstract, Wood) 
As per claims 16 and 19: 

The combination of Howard and Wood teaches all the subject matter as 
discussed above. In addition, Howard further discloses a method comprising 
associating session credentials for the first system and the second system with the 
client, (col. 7, lines 12-25) 
As per claim 21: 

The combination of Howard and Wood teaches all the subject matter as 
discussed above. In addition, Howard further discloses a method comprising granting 
the client session credentials for the first system, (col. 7, lines 54-63) 
Conclusion

10. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See Form PTO-892. 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shewaye Gelagay whose telephone number is 571-272- 
4219. The examiner can normally be reached on 8:00 am to 5:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 